Oracle GoldenGate finally has a GUI/Web Page interface to work with the product. This has been a long over due and welcomed feature that was initally released with Oracle GoldenGate Microservices in 12.3. Since 12.3 and through 19.1, the Oracle GoldenGate team has been preaching the simplicity and securty benefits of using a reverse proxy to simplify the URLs that are used with Oracle GoldenGate Microservices. Afterall, using a reverse proxy is a great way to simplify the architecture and allow you quick access to resources using shorter URLs.
After setting up Oracle GoldenGate Microservices, you can access the ServiceManage by using a URL that looks like:
In my environment, this URL would look like this:
As you can tell, I can get to the ServiceManager page on port 16000 (you set the port, we don’t set default ports although we tell people 9000). Which is easy to access, but how would I access any of the other services provided by Oracle GoldenGate Microservices? The URLs to access the other services would just require changing the port number.
In my envionrment, I would just use URLs like this:
Not very elegant and who wants to remember port numbers? Especially when you may have multiple deployments on a single host. Much less asking your firewall admin to open ports…we all know how those grumpy bears are! How can we improve on this? The answer is simple, just use a reverse proxy to consolidate ports down to a single, standard port.
To make this easier to setup, we provide a utility when you install Oracle GoldenGate Microservices called ReverseProxySettings. This file can be found in the Oracle GoldenGate Microservices Home ($OGG_HOME/lib/utl/reverseproxy). This utility will do the initial configuration of an Nginx Reverse Proxy and allow access to a single port. The default port that is used is HTTPS (443).
To implement the Nginx Reverse Proxy, you first have to install NGINX. This done by pulling it from your Linux yum repository.
yum -y install nginx
After installing Nginx, then you will need to run the ReverseProxySettings utility. The utility requires the following items:
Oracle GoldenGate ServiceManager Login – This is the “security” role user
Password for the security role user
URL with port number for the ServiceManager
To run the script, it would look something similar to this:
cd $OGG_HOME/lib/utl/reverseproxy ./ReverseProxySettings -u oggadmin -P ********* -o ogg.conf https://localhost:16000
The ogg.conf file will be created in the directory where you ran the RegisterProxySettings script. This is the configuration file for Nginx Reverse Proxy. You can also use this file to model other reverse proxies, but Oracle is only going to support the Nginx version.
Once you ahve the ogg.conf file, you need to either be root or have sudo access to configure the Reverse Proxy. In this example, I’m using the sudo approach as the Oracle user.
To configure the Nginx Reverse Proxy, perform the following steps:
sudo cp ogg.conf /etc/nginx/conf.d/nginx.conf sudo sh /etc/ssl/certs/make-dummy-cert /etc/nginx/ogg.pem sudo nginx sudo nginx -t sudo nginx -s reload
After configuring the Reverse Proxy and starting the processes, you will be able ot access the ServiceManager without the port number. In this example, that would be:
Notice that the URL is shorter due to the port number being gone. Yes, I know it says it is un-secure, but that is due to the certficicate for the localhost. The enviornment is still encrypted between source -and-target. Will write another post at some point on how to fix that 🙂
Where the reall benefit of these short URLs while using the Reverse Proxy is with the deployments. Typically when you want to access a deployment, you would need to do something like this:
With the Reverse Proxy, I can now bypass the port number and drill directly down into the deployment I would like to use. Check this out:
This URL will take me directly to the Adminsitration Service for the Atlanta deployment.
With simplified URLs, I can easily administror Oracle GoldenGate from any remote location using the web pages without needing to remember port numbers. Which greatly simplifys the footprint of Oracle GoldenGate. Additionally, your firewall administrators will love you for making their life easier!
Current Oracle Certs
I’m Bobby Curtis and I’m just your normal average guy who has been working in the technology field for awhile (started when I was 18 with the US Army). The goal of this blog has changed a bit over the years. Initially, it was a general blog where I wrote thoughts down. Then it changed to focus on the Oracle Database, Oracle Enterprise Manager, and eventually Oracle GoldenGate.
If you want to follow me on a more timely manner, I can be followed on twitter at @dbasolved or on LinkedIn under “Bobby Curtis MBA”.